7 matches found
EUVD-2024-31860
Malicious code in bioql PyPI...
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool, used to help users quickly analyze data and gain insight into business trends so as to achieve business improvement and optimization. DataEase v1.11.1 has a security vulnerability; the vulnerability stems from the plug-in...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button. It can also be auto-submitted. 3. Here the pdf plugin will be uninstalled after clicking on submit...
CVE-2019-14999
The CVE-2019-14999 vulnerability affects the Atlassian Universal Plugin Manager (UPM) REST uninstall endpoint used by Jira. Versions affected are UPM prior to 2.22.19, 3.0.x prior to 3.0.3, and 4.0.x prior to 4.0.3. The flaw allows an authenticated administrator to be CSRF-triggered to uninstall ...
Seditio 170 Cross Site Request Forgery / SQL Injection
Vulnerable Software: Seditio 170 seditio-build170.20120302 Downloaded from: http://www.neocrome.net/files/code/seditio-build170.20120302.rar MD5 SUM: beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar...
CVE-2010-1621
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command...